linuxdcpp-team team mailing list archive

[maksis <1649066@xxxxxxxxxxxxxxxxxx>]

The validation function is cheap and there is effectively no difference
in filelist loading times.

Since it's possible to add favorite hubs directly from the hublist, it's
quite likely that there are users with malformed data in their
Favorites.xml as well. Disabling the validity check for certain files
isn't an acceptable solution for me because of the issues that would
cause. One alternative would be to (optionally) replace malformed
strings with an error messages (such as "UTF-8 validation failed")
instead of throwing. Any thoughts?

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1649066

Title:
  Invalid UTF-8 data is not always being rejected

Status in AirDC++:
  New
Status in DC++:
  New

Bug description:
  There are various cases where invalid UTF-8 data is being consumed by
  the core:

  1. Text::convert will return the original string in case of errors (Linux only, respective Windows-specific functions will return an empty string in case of errors)
  2. When using "utf-8" encoding in NMDC hubs, the original string will always be returned by conversion functions without validation (generally Linux only since "utf-8" can't be selected from DC++'s GUI)
  3. UTF-8 validation is not performed for strings parsed from XML (specifically file/directory names in filelists)

  This will cause issues especially when the data is processed by
  external sources/libraries that expect to receive valid UTF-8 data
  (https://github.com/airdcpp-web/airdcpp-webclient/issues/204). I'm not
  sure about security implications.

  Another note: messages that fail UTF-8 validation in ADC hubs are
  ignored silently. At least Flexhub seems to be having problems with
  data validation which currently goes unnoticed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/airdcpp/+bug/1649066/+subscriptions